fix: filter more CSP errors (#6839)

* fix: filter more CSP errors * fix regex * fix

fix: filter more CSP errors (#6839)
* fix: filter more CSP errors * fix regex * fix
469a0060 · Vignesh Mohankumar · GitHub · c673c9e4 · 469a0060 · 469a0060
Commit 469a0060 authored Jun 26, 2023 by Vignesh Mohankumar Committed by GitHub Jun 26, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 3 deletions

errors.test.ts src/tracing/errors.test.ts +12 -0

errors.ts src/tracing/errors.ts +4 -3

No files found.
--- a/src/tracing/errors.test.ts
+++ b/src/tracing/errors.test.ts
@@ -128,6 +128,18 @@ describe('beforeSend', () => {
      expect(beforeSend(ERROR, { originalException })).toBeNull()
    })

+    it('filters blocked frame errors', () => {
+      const originalException = new Error(
+        'Blocked a frame with origin "https://app.uniswap.org" from accessing a cross-origin frame.'
+      )
+      expect(beforeSend(ERROR, { originalException })).toBeNull()
+    })
+
+    it('fiters write permission denied errors', () => {
+      const originalException = new Error('NotAllowedError: Write permission denied.')
+      expect(beforeSend(ERROR, { originalException })).toBeNull()
+    })
+
    it('filters CSP unsafe-eval compile/instatiate errors', () => {
      const originalException = new Error(
        "Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: \"script-src 'self' https://www.google-a..."

--- a/src/tracing/errors.ts
+++ b/src/tracing/errors.ts
@@ -42,6 +42,7 @@ function updateRequestUrl(event: ErrorEvent) {
  }
 }

+// TODO(WEB-2400): Refactor to use a config instead of returning true for each condition.
 function shouldRejectError(error: EventHint['originalException']) {
  if (error instanceof Error) {
    // ethers aggressively polls for block number, and it sometimes fails (whether spuriously or through rate-limiting).
@@ -74,9 +75,9 @@ function shouldRejectError(error: EventHint['originalException']) {
    // Content security policy 'unsafe-eval' errors can be filtered out because there are expected failures.
    // For example, if a user runs an eval statement in console this error would still get thrown.
    // TODO(WEB-2348): We should extend this to filter out any type of CSP error.
-    if (error.message.match(/'unsafe-eval'.*content security policy/i)) {
-      return true
-    }
+    if (error.message.match(/'unsafe-eval'.*content security policy/i)) return true
+    if (error.message.match(/Blocked a frame with origin ".*" from accessing a cross-origin frame./)) return true
+    if (error.message.match(/NotAllowedError: Write permission denied./)) return true

    // WebAssembly compilation fails because we do not allow 'unsafe-eval' in our CSP.
    // Any thrown errors are due to 3P extensions/applications, so we do not need to handle them.